Labour Day Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Certensure Logo
  1. Home
  2. Amazon Web Services
  3. AWS Certified Associate
  4. SOA-C02 - AWS Certified SysOps Administrator - Associate (SOA-C02)

Amazon Web Services SOA-C02 AWS Certified SysOps Administrator - Associate (SOA-C02) Exam Practice Test

Demo: 23 questions
Total 305 questions
Get SOA-C02 Full Access Download SOA-C02 PDF

AWS Certified SysOps Administrator - Associate (SOA-C02) Questions and Answers

Question 1

You need to update an existing AWS CloudFormation stack. If needed, a copy to the CloudFormation template is available in an Amazon SB bucket named cloudformation-bucket

1. Use the us-east-2 Region for all resources.

2. Unless specified below, use the default configuration settings.

3. update the Amazon EQ instance named Devinstance by making the following changes to the stack named 1700182:

a) Change the EC2 instance type to us-east-t2.nano.

b) Allow SSH to connect to the EC2 instance from the IP address range

192.168.100.0/30.

c) Replace the instance profile IAM role with IamRoleB.

4. Deploy the changes by updating the stack using the CFServiceR01e role.

5. Edit the stack options to prevent accidental deletion.

6. Using the output from the stack, enter the value of the Prodlnstanceld in the text box below:

See the Explanation for solution.

Options:

Question 2

A webpage is stored in an Amazon S3 bucket behind an Application Load Balancer (ALB). Configure the SS bucket to serve a static error page in the event of a failure at the primary site.

1. Use the us-east-2 Region for all resources.

2. Unless specified below, use the default configuration settings.

3. There is an existing hosted zone named lab-

751906329398-26023898.com that contains an A record with a simple routing policy that routes traffic to an existing ALB.

4. Configure the existing S3 bucket named lab-751906329398-26023898.com as a static hosted website using the object named index.html as the index document

5. For the index-html object, configure the S3 ACL to allow for public read access. Ensure public access to the S3 bucketjs allowed.

6. In Amazon Route 53, change the A record for domain lab-751906329398-26023898.com to a primary record for a failover routing policy. Configure the record so that it evaluates the health of the ALB to determine failover.

7. Create a new secondary failover alias record for the domain lab-751906329398-26023898.com that routes traffic to the existing 53 bucket.

Options:

Question 3

If your AWS Management Console browser does not show that you are logged in to an AWS account, close the browser and relaunch the

console by using the AWS Management Console shortcut from the VM desktop.

If the copy-paste functionality is not working in your environment, refer to the instructions file on the VM desktop and use Ctrl+C, Ctrl+V or Command-C , Command-V.

Configure Amazon EventBridge to meet the following requirements.

1. use the us-east-2 Region for all resources,

2. Unless specified below, use the default configuration settings.

3. Use your own resource naming unless a resource

name is specified below.

4. Ensure all Amazon EC2 events in the default event

bus are replayable for the past 90 days.

5. Create a rule named RunFunction to send the exact message every 1 5 minutes to an existing AWS Lambda function named LogEventFunction.

6. Create a rule named SpotWarning to send a notification to a new standard Amazon SNS topic named TopicEvents whenever an Amazon EC2

Spot Instance is interrupted. Do NOT create any topic subscriptions. The notification must match the following structure:

Input Path:

{“instance” : “$.detail.instance-id”}

Input template:

“ The EC2 Spot Instance has been on account.

Options:

Question 4

A SysOps administrator is unable to launch Amazon EC2 instances into a VPC because there are no available private IPv4 addresses in the VPC. Which combination of actions must the SysOps administrator take to launch the instances? (Select TWO.)

Options:

A.

Associate a secondary IPv4 CIDR block with the VPC

B.

Associate a primary IPv6 CIDR block with the VPC

C.

Create a new subnet for the VPC

D.

Modify the CIDR block of the VPC

E.

Modify the CIDR block of the subnet that is associated with the instances

Question 5

A company wants to track its AWS costs in all member accounts that are part of an organization in AWS Organizations. Managers of the

member accounts want to receive a notification when the estimated costs exceed a predetermined amount each month. The managers

are unable to configure a billing alarm. The IAM permissions for all users are correct.

What could be the cause of this issue?

Options:

A.

The management/payer account does not have billing alerts turned on.

B.

The company has not configured AWS Resource Access Manager (AWS RAM) to share billing information between the member accounts and the management/payer account.

C.

Amazon GuardDuty is turned on for all the accounts.

D.

The company has not configured an AWS Config rule to monitor billing.

Question 6

A SysOps administrator is evaluating Amazon Route 53 DNS options to address concerns about high availability for an on-premises website. The website consists of two servers: a primary active server and a secondary passive server. Route 53 should route traffic to the primary server if the associated health check returns 2xx or 3xx HTTP codes. All other traffic should be directed to the secondary passive server. The failover record type, set ID. and routing policy have been set appropriately for both primary and secondary servers.

Which next step should be taken to configure Route 53?

Options:

A.

Create an A record for each server. Associate the records with the Route 53 HTTP health check.

B.

Create an A record for each server. Associate the records with the Route 53 TCP health check.

C.

Create an alias record for each server with evaluate target health set to yes. Associate the records with the Route 53 HTTP health check.

D.

Create an alias record for each server with evaluate target health set to yes. Associate the records with the Route 53 TCP health check.

Question 7

A SysOps administrator has created a VPC that contains a public subnet and a private subnet. Amazon EC2 instances that were launched in the private subnet cannot access the internet. The default network ACL is active on all subnets in the VPC, and all security groups allow all outbound traffic:

Which solution will provide the EC2 instances in the private subnet with access to the internet?

Options:

A.

Create a NAT gateway in the public subnet. Create a route from the private subnet to the NAT gateway.

B.

Create a NAT gateway in the public subnet. Create a route from the public subnet to the NAT gateway.

C.

Create a NAT gateway in the private subnet. Create a route from the public subnet to the NAT gateway.

D.

Create a NAT gateway in the private subnet. Create a route from the private subnet to the NAT gateway.

Question 8

A SysOps administrator is deploying a test site running on Amazon EC2 instances. The application requires both incoming and outgoing connectivity to the internet.

Which combination of steps are required to provide internet connectivity to the EC2 instances? (Choose two.)

Options:

A.

Add a NAT gateway to a public subnet.

B.

Attach a private address to the elastic network interface on the EC2 instance.

C.

Attach an Elastic IP address to the internet gateway.

D.

Add an entry to the route table for the subnet that points to an internet gateway.

E.

Create an internet gateway and attach it to a VPC.

Question 9

A company's SysOps administrator must ensure that all Amazon EC2 Windows instances that are launched in an AWS account have a third-party agent installed. The third-party agent has an msi package. The company uses AWS Systems Manager for patching, and the Windows instances are tagged appropriately. The third-party agent required periodic updates as new versions are released. The SysOps administrator must deploy these updates automatically

Which combination of steps will meet these requirements with the LEAST operational effort? (Seed TWO.)

Create a Systems Manager Distributor package for the third-party agent.

Options:

A.

Make sure that Systems Manager Inventory Is configured. If Systems Manager Inventory is not configured, set up a new inventory tor instances that is based on the appropriate tag value for Windows.

B.

Create a Systems Manager State Manager association to run the AWS-RunRemoteScript document. Populate the details of the third-party agent package. Specify instance tags based on the appropriate tag value for Windows with a schedule of 1 day

C.

Create a Systems Manager State Manager- association to run the AWS-ConfigureAWSPackage document. Populate the details of the third-party agent package. Specify instance tags based on the appropriate tag value for Windows with a schedule of 1 day

D.

Create a Systems Manager Opsitem with the tag value for Windows Attach the Systems Manager Distributor package to the Opsitem. Create a maintenance window that is specific to the package deployment Configure the maintenance window to cover 24 hours a day.

Question 10

A company is implementing a monitoring solution that is based on machine learning. The monitoring solution consumes Amazon EventBridge (Amazon CloudWatch Events) events that are generated by Amazon EC2 Auto Scaling. The monitoring solution provides detection of anomalous behavior such as unanticipated scaling events and is configured as an EventBridge (CloudWatch Events) API destination.

During initial testing, the company discovers that the monitoring solution is not receiving events. However, Amazon CloudWatch is showing that the EventBridge (CloudWatch Events) rule is being invoked. A SysOps administrator must implement a solution to retrieve client error details to help resolve this issue.

Which solution will meet these requirements with the LEAST operational effort?

Options:

A.

Create an EventBridge (CloudWatch Events) archive for the event pattern to replay the events. Increase the logging on the monitoring solution. Use replay to invoke the monitoring solution. Examine the error details.

B.

Add an Amazon Simple Queue Service (Amazon SQS) standard queue as a dead-letter queue for the target. Process the messages in the dead-letter queue to retrieve error details.

C.

Create a second EventBridge (CloudWatch Events) rule for the same event pattern to target an AWS Lambda function. Configure the Lambda function to invoke the monitoring solution and to record the results to Amazon CloudWatch Logs. Examine the errors in the logs.

D.

Configure the EventBridge (CloudWatch Events) rule to send error messages to an Amazon Simple Notification Service (Amazon SNS) topic.

Question 11

An Amazon EC2 instance needs to be reachable from the internet. The EC2 instance is in a subnet with the following route table:

Which entry must a SysOps administrator add to the route table to meet this requirement?

Options:

A.

A route for 0.0.0.0/0 that points to a NAT gateway

B.

A route for 0.0.0.0/0 that points to an egress-only internet gateway

C.

A route for 0.0.0.0/0 that points to an internet gateway

D.

A route for 0.0.0.0/0 that points to an elastic network interface

Question 12

A SysOps administrator is designing a solution for an Amazon RDS for PostgreSQL DB instance. Database credentials must be stored and rotated monthly. The applications that connect to the DB instance send write-intensive traffic with variable client connections that sometimes increase significantly in a short period of time.

Which solution should a SysOps administrator choose to meet these requirements?

Options:

A.

Configure AWS Key Management Service (AWS KMS) to automatically rotate the keys for the DB instance. Use RDS Proxy to handle the increases in database connections.

B.

Configure AWS Key Management Service (AWS KMS) to automatically rotate the keys for the DB instance. Use RDS read replicas to handle the increases in database connections.

C.

Configure AWS Secrets Manager to automatically rotate the credentials for the DB instance. Use RDS Proxy to handle the increases in database connections.

D.

Configure AWS Secrets Manager to automatically rotate the credentials for the DB instance. Use RDS read replicas to handle the increases in database connections.

Question 13

A database is running on an Amazon RDS Mufti-AZ DB instance. A recent security audit found the database to be out of compliance because it was not encrypted. Which approach will resolve the encryption requirement?

Options:

A.

Log in to the RDS console and select the encryption box to encrypt the database

B.

Create a new encrypted Amazon EBS volume and attach it to the instance

C.

Encrypt the standby replica in the secondary Availability Zone and promote it to the primary instance.

D.

Take a snapshot of the RDS instance, copy and encrypt the snapshot and then restore to the new RDS instance

Question 14

A company has a new requirement stating that all resources in AWS must be tagged according to a set policy.

Which AWS service should be used to enforce and continually identify all resources that are not in compliance with the policy?

Options:

A.

AWS CloudTrail

B.

Amazon Inspector

C.

AWSConfig

D.

AWS Systems Manager

Question 15

A Sysops administrator has created an Amazon EC2 instance using an AWS CloudFormation template in the us-east-I Region. The administrator finds that this

template has failed to create an EC2 instance in the us-west-2 Region.

What is one cause for this failure?

Options:

A.

Resource tags defined in the CloudFormation template are specific to the us-east-I Region.

B.

The Amazon Machine Image (AMI) ID referenced in the CloudFormation template could not be found in the us-west-2 Region.

C.

The cfn-init script did not run during resource provisioning in the us-west-2 Region.

D.

The IAM user was not created in the specified Region.

Question 16

A company is expanding its fleet of Amazon EC2 instances before an expected increase of traffic. When a SysOps administrator attempts to add more instances, an InstanceLimitExceeded error is returned.

What should the SysOps administrator do to resolve this error?

Options:

A.

Add an additional CIDR block to the VPC.

B.

Launch the EC2 instances in a different Availability Zone.

C.

Launch new EC2 instances in another VPC.

D.

Use Service Quotas to request an EC2 quota increase.

Question 17

An existing, deployed solution uses Amazon EC2 instances with Amazon EBS General Purpose SSD volumes, an Amazon RDS PostgreSQL database, an

Amazon EFS file system, and static objects stored in an Amazon S3 bucket. The Security team now mandates that at-rest encryption be turned on immediately for all aspects of the application, without creating new resources and without any downtime.

To satisfy the requirements, which one of these services can the SysOps administrator enable at-rest encryption on?

Options:

A.

EBS General Purpose SSD volumes

B.

RDS PostgreSQL database

C.

Amazon EFS file systems

D.

S3 objects within a bucket

Question 18

A large multinational company has a core application that runs 24 hours a day, 7 days a week on Amazon EC2 and AWS Lambda. The company uses a combination of operating systems across different AWS Regions. The company wants to achieve cost savings and wants to use a pricing model that provides the most flexibility.

What should the company do to MAXIMIZE cost savings while meeting these requirements?

Options:

A.

Establish the compute expense by the hour. Purchase a Compute Savings Plan.

B.

Establish the compute expense by the hour. Purchase an EC2 Instance Savings Plan.

C.

Purchase a Reserved Instance for the instance types, operating systems, Region, and tenancy.

D.

Use EC2 Spot Instances to match the instances that run in each Region.

Question 19

An organization is running multiple applications for their customers. Each application is deployed by running a base AWS CloudFormation template that configures a new VPC. All applications are run in the same AWS account and AWS Region. A SysOps administrator has noticed that when trying to deploy the same AWS

CloudFormation stack, it fails to deploy.

What is likely to be the problem?

Options:

A.

The Amazon Machine image used is not available in that region.

B.

The AWS CloudFormation template needs to be updated to the latest version.

C.

The VPC configuration parameters have changed and must be updated in the template.

D.

The account has reached the default limit for VPCs allowed.

Question 20

A company hosts a web application on an Amazon EC2 instance. The web server logs are published to Amazon CloudWatch Logs. The log events have the same structure and include the HTTP response codes that are associated with the user requests. The company needs to monitor the number of times that the web server returns an HTTP 404 response.

What is the MOST operationally efficient solution that meets these requirements?

Options:

A.

Create a CloudWatch Logs metric filter that counts the number of times that the web server returns an HTTP 404 response.

B.

Create a CloudWatch Logs subscription filter that counts the number of times that the web server returns an HTTP 404 response.

C.

Create an AWS Lambda function that runs a CloudWatch Logs Insights query that counts the number of 404 codes in the log events during the past hour.

D.

Create a script that runs a CloudWatch Logs Insights query that counts the number of 404 codes in the log events during the past hour.

Question 21

A company is tunning a website on Amazon EC2 instances thai are in an Auto Scaling group When the website traffic increases, additional instances lake several minutes to become available because ot a long-running user data script that installs software A SysOps administrator must decrease the time that is required (or new instances to become available

Which action should the SysOps administrator take to meet this requirement?

Options:

A.

Reduce the scaling thresholds so that instances are added before traffic increases

B.

Purchase Reserved Instances to cover 100% of the maximum capacity of the Auto Scaling group

C.

Update the Auto Scaling group to launch instances that have a storage optimized instance type

D.

Use EC2 Image Builder to prepare an Amazon Machine Image (AMI) that has pre-installed software

Question 22

A company has a critical serverless application that uses multiple AWS Lambda functions. Each Lambda function generates 1 GB of log data daily in tts own Amazon CloudWatch Logs log group. The company's security team asks for a count of application errors, grouped by type, across all of the log groups.

What should a SysOps administrator do to meet this requirement?

Options:

A.

Perform a CloudWatch Logs Insights query that uses the stats command and count function.

B.

Perform a CloudWatch Logs search that uses the groupby keyword and count function.

C.

Perform an Amazon Athena query that uses the SELECT and GROUP BY keywords.

D.

Perform an Amazon RDS query that uses the SELECT and GROUP BY keywords.

Question 23

A company has a memory-intensive application that runs on a fleet of Amazon EC2 instances behind an Elastic Load Balancer (ELB). The instances run in an Auto Scaling group. A Sysops administrator must ensure that the application can scale based on the number of users that connect to the application.

Which solution will meet these requirements?

Options:

A.

Create a scaling policy that will scale the application based on the ActiveConnectionCount Amazon CloudWatch metric that is generated from the ELB.

B.

Create a scaling policy that will scale the application based on the mem used Amazon CloudWatch metric that is generated from the ELB.

C.

Create a scheduled scaling policy to increase the number of EC2 instances in the Auto Scaling group to support additional connections.

D.

Create and deploy a script on the ELB to expose the number of connected users as a custom Amazon CloudWatch metric. Create a scaling policy that uses the metric.

Load More SOA-C02 Questions
Demo: 23 questions
Total 305 questions
Get SOA-C02 Full Access Download SOA-C02 PDF